to fix the code and to revise the plug scene

on the Basis of specified threats in the web screen Avast, the threat is in one of the JavaScript s. They can be connected with a resource and load a browser directly from the server, bypassing the file on the website. In this regard, to detect malicious code inside the website we were unable. Please check plug-in scripts and JS from remote Severov, and, if possible, avoid remote loading JS in principle for security reasons. Because if the server where You are loading JS is compromised, JS can be spoofed by attackers, and will suffer as a result visitors to Your website.
For example, most plug-in external JS can be loaded and connect locally. This will eliminate the possibility of tampering from outside JS. In addition, it is necessary to analyze the loaded JS on the malicious code. To do this, we would advise You to contact Your designer or developer.